SSL Authentication in Mongrel

rubyonrails-talk
1

I am working on project and I need to get the value stored in the header (SSL_CLIENT_S_DN_CN ). We have been doing PKI authentication for sometime in PHP by getting the value of $_SERVER["SSL_CLIENT_S_DN_CN"] . Now that I am trying some stuff in Rails I can't seem to get anywhere. I try to do what you do above and I get a "Bad Request" when I have SSLUserName SSL_CLIENT_S_DN_CN in the httpd-ssl.conf file. I am able to get up and running when I comment it out.

Here is my config:

SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/var/run/ssl_scache(512000)" SSLSessionCacheTimeout 28800 SSLMutex "file:/var/run/ssl_mutex" <VirtualHost *:443> <Proxy balancer://mongrel_cluster> BalancerMember http://127.0.0.1:3000 </Proxy> # General setup for the virtual host ServerName luther.example.com ServerAdmin r...@example.com ErrorLog "/var/log/httpd-error.log" TransferLog "/var/log/httpd-access.log" RequestHeader set X_FORWARDED_PROTO 'https' SSLUserName SSL_CLIENT_S_DN_CN ProxyPass / balancer://mongrel_cluster/ ProxyPassReverse / balancer://mongrel_cluster/ ProxyPreserveHost ON #Rewrite the REMOTE_USER env variable into the request header RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . -[E=RU:%1] RequestHeader add X-FORWARDED-User %{RU}e SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile "/usr/local/etc/apache22/ssl/luther.crt" SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/privkey.pem" SSLCertificateChainFile "/usr/local/etc/apache22/ssl/chain.crt" SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt" SSLVerifyClient require SSLVerifyDepth 10 SSLOptions +StdEnvVars +ExportCertData </VirtualHost> And in an controller I am just doing: <p><%= request.env['SSL_CLIENT_S_DN_CN'] %></p> also tried <%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %>

All I get is blank.

Any advice would be MUCH appreciated

2

As a "quick and nasty, see what the hell is happening" thing, I would put the following in your view:

<pre> <%= session.to_yaml -%> </pre>

That way you can see what the session actually contains and debug from there.

Mikel

3

Fantastic! ... I did that and was able to see that I was calling it wrong!

I was <%= request.env['HTTP-X-FORWARDED-SSL_CLIENT_S_DN_CN'] %>

and all I needed was <%= request.env['HTTP_X_FORWARDED_SSL_CLIENT_S_DN_CN'] %>

This is great news thanks for all your help.

4

Good! :slight_smile:

That is a bit of a hackish way to do it though (putting it in the view). A better solution is making an around filter and then requesting it.

Like here:

http://www.lindsaar.net/2008/3/17/debugging-the-rails-session-store

Mikel